VYPR
Medium severity (4.8) · NVD Advisory · Published Feb 12, 2025 · Updated Apr 15, 2026

CVE-2025-1230

Description

Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Prestashop 8.1.7 via link parameter allows remote attackers to steal session cookies from authenticated users.

Vulnerability

Overview

CVE-2025-1230 is a stored Cross-Site Scripting (XSS) vulnerability in Prestashop version 8.1.7. The flaw originates from insufficient input validation of the link parameter in the admin interface, specifically through /<admin_directory>/index.php. This allows an attacker to inject malicious scripts that are stored and later executed in the context of an authenticated user's session [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious query string targeting the link parameter. The attacker does not require authentication but must trick an authenticated administrator into interacting with the crafted link (e.g., via social engineering). Once the authenticated user accesses the malicious link, the injected script executes in their browser, enabling the attacker to steal session cookies [1].

Impact

Successful exploitation leads to session cookie theft, which can be used for session hijacking. The attacker could gain unauthorized access to the admin panel with the victim's privileges, potentially compromising the entire e-commerce site. The CVSS v3.1 base score is 4.8 (Medium), with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating low confidentiality and integrity impact but requiring high privileges and user interaction [1].

Mitigation

As of the publication date, the vendor is working on a fix. Users are advised to update to the latest version of Prestashop once available. Until then, administrators should exercise caution with admin panel links and consider additional security measures such as web application firewalls [1].
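The Overview and Mitigation sections above describe the root cause (a stored "link" value that is not validated) and leave administrators without a vendor fix. The following is an added illustration, not PrestaShop's own code, of the two checks a maintainer would apply to such a field: allowlist the URL on input, and encode it for the attribute context on output. It assumes the field is meant to hold an absolute http(s) URL or a site-relative path and is later rendered inside an href attribute; the function names and sample inputs are constructed for this example.

```php
<?php
// Added example (assumption-based, not PrestaShop code): hardening a stored
// "link" field against XSS on both the input and the output side.

function validate_link(string $raw): ?string
{
    $link = trim($raw);
    // Reject control characters and whitespace: they are used to smuggle
    // schemes such as "java\tscript:" past naive prefix checks.
    if ($link === '' || preg_match('/[\x00-\x20\x7f]/', $link)) {
        return null;
    }
    // A site-relative path is fine; a protocol-relative "//host" is not.
    if ($link[0] === '/' && substr($link, 0, 2) !== '//') {
        return $link;
    }
    $parts = parse_url($link);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allowlist the scheme; this drops javascript:, data:, vbscript: etc.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $link;
}

// Output side: encode for the attribute context even for stored values,
// so a value that slipped past older validation still cannot break out.
function render_link(string $stored, string $text): string
{
    $href  = htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $label = htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $href . '">' . $label . '</a>';
}

// Constructed samples: a valid URL, a relative path, scheme tricks,
// an attribute break-out attempt and a protocol-relative host.
$samples = [
    'https://example.com/page?x=1',
    '/admin-dir/index.php?controller=AdminDashboard',
    'javascript:alert(1)',
    "java\tscript:alert(1)",
    '" onmouseover="alert(1)',
    '//evil.example/',
];
foreach ($samples as $s) {
    $verdict = validate_link($s) === null ? 'REJECT' : 'ACCEPT';
    echo $verdict, ' ', json_encode($s), "\n";
}
echo render_link('https://example.com/?a=1&b=2', 'Shop'), "\n";
```

Only the first two samples are accepted; the rendered anchor shows the ampersand and quotes encoded, which is the property that prevents attribute injection regardless of what was stored.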

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (No patches discovered yet.)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (No linked articles in our index yet.)